Database Corruption Issue in Citrix XenServer by Linux Foundation xapi
CVE-2017-5572

6.5MEDIUM

Key Information:

Vendor
Citrix
Status
Xenserver
Vendor
CVE Published:
30 January 2017

Summary

A vulnerability within the Linux Foundation xapi component of Citrix XenServer allows an authenticated read-only administrator to potentially corrupt the host database. This issue arises when certain operations permit unauthorized modifications, leading to instability and data integrity risks in the affected version. Users of Citrix XenServer 7.0 should take immediate action to mitigate potential consequences from this security flaw.

References

http://www.securityfocus.com/bid/95801
vdb-entryx_refsource_BID
https://support.citrix.com/article/CTX220112
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037716
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.